Some people believe that security devices like the ones I'll describe in this chapter are the best possible solutions to the problem of computer security. To some extent, they're right. But as you've seen, security depends on people, and the effectiveness of any security device depends not only on the device itself, but on the hacker who is attempting to defeat it and on the other security measures that back up the device. I don't think hardware alone will ever ensure complete security - at least not until it is as "intelligent" as a determined hacker. Still, as I noted in Six, ninety percent security is all that most systems need. And some of the equipment currently available is very effective, at least as far as deterring most hackers. Or, rather, it's effective as long as the system operator or security manager doesn't fall into the trap of thinking that other security measures, such as password procedures, are rendered obsolete by the fancy new hardware.

Some advertisements claim security systems that are as close to one hundred percent uncrackable as possible. Others boast limitless numbers of security codes, claiming that a hacker would spend hundreds or thousands of years trying to break these codes. If you are thinking about buying one of these devices, ask some questions of yourself and of the equipment vendor before you buy: "How does it work?" "How effective (and cost-effective) is it?" and "Is it what I need?" This chapter will try to answer such questions for most of the equipment now available.

The companies that sell these devices tell you (understandably) every good point about their systems. But since very few things in this world are flawless, I'll point out some of the vulnerabilities of these methods of defense, too - at least as far as hackers are concerned. In addition, because colorful literature sometimes does not explain exactly what the device does, I'll also try to explain how each of these devices works.

Almost every security device now available fits into one of two categories: data encryption or callback. Briefly, data encryption is a method of encoding data so that the information will be unreadable without a code-breaking "key." Callback is a method of limiting access to a computer by having the system verify a user's authorization and then call the user back at a specified phone number. We'll examine these two methods in depth, and then briefly go over the other security fixes that are, or are becoming, available.


By their nature, encryption devices are not intended to keep hackers out of any computer system. Rather than limit access to the machine, they limit access to information. They are designed to keep some or all of the data on a system secret by rendering the information unreadable. An encryption device can be either hardware or software. In either case, most such devices take text and alter it according to a key that is either chosen by the user or is generated as a string of random characters by the device itself. When the information needs to be read, the same process of alteration is applied in reverse.

If the device is hardware-based, the encryption unit is placed between the computer and the terminal. The device does not require a user to run any special encryption program, and it both encrypts outgoing data and decrypts incoming data. With most such hardware encryption devices, the risk of losing or guessing the key is minimal, because the user does not need to choose or keep track of the key.

If the device is software-based, the user must run a special program to encrypt or decrypt files. In this case, the program will ask the user for a file and a key, and it will encrypt or decrypt the file using the key given by the user.

Here is a simplified example of the way encryption works. Let's assume that we have in the computer a small text file we want to have encrypted. We'll name our file SAMPLE and simply let it consist of the phrase OUT OF THE INNER CIRCLE. Now the fun begins. We run a program called Encrypt, and it asks us what file we would like to encrypt. We respond with SAMPLE, and the program requests a key to use in encrypting it. For this example, we will choose a very simple key, the word KEY. The program will then internally match up the key/text combination as follows:
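An added illustration of this kind of key/text matching, not the book's own table or the Encrypt program: it assumes the key is repeated letter by letter under the text and that each letter is shifted through the alphabet by its matching key letter, a rule chosen here only to show the alteration and its reverse. The function names are hypothetical.

```python
# Added illustration only: an assumed repeating-key letter shift,
# not the book's Encrypt program or its actual matching rule.
import string

ALPHABET = string.ascii_uppercase  # A=0 ... Z=25


def align_key(text: str, key: str) -> str:
    """Write the repeated key under the text, one key letter per text letter.

    Assumption: spaces and punctuation pass through and use no key letter.
    """
    out, used = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(key.upper()[used % len(key)])
            used += 1
        else:
            out.append(ch)
    return "".join(out)


def _apply(text: str, key: str, direction: int) -> str:
    """Shift each letter by its matching key letter (+1 encrypts, -1 reverses)."""
    if not key or any(k not in ALPHABET for k in key.upper()):
        raise ValueError("key must be one or more letters A-Z")
    text = text.upper()
    out = []
    for ch, k in zip(text, align_key(text, key)):
        if ch in ALPHABET:
            shifted = ALPHABET.index(ch) + direction * ALPHABET.index(k)
            out.append(ALPHABET[shifted % 26])
        else:
            out.append(ch)
    return "".join(out)


def encrypt(text: str, key: str) -> str:
    return _apply(text, key, +1)


def decrypt(text: str, key: str) -> str:
    return _apply(text, key, -1)


if __name__ == "__main__":
    sample = "OUT OF THE INNER CIRCLE"  # contents of SAMPLE, from the text
    for row in (sample, align_key(sample, "KEY"), encrypt(sample, "KEY")):
        print(row)
```

Running it prints the phrase, the key lined up beneath it, and the altered text; decrypting with the same key restores the phrase, while any other key leaves it unreadable.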